Bug#545234: perl segfaults with s/(.)\G//g

Raphael Geissert geissert at debian.org
Sat Sep 5 21:57:56 UTC 2009 

Package: perl-base
Version: 5.10.0-25

Hi,

A simple way to trigger it:
$ echo foo | perl -pe "s/(.)\G//g"

The following trigger it as well
echo foo | perl -pe "s/(.{1})\G//g"
echo foo | perl -pe "s/(.)\G.//g"
etc

but by adding + or * to the magic dot, it no longer segfaults.

Full backtrace:
#0  memmove () at ../sysdeps/i386/i686/memmove.S:100
No locals.
#1  0x0810dc99 in Perl_sv_catpvn_flags (my_perl=0x8807008, dsv=0x880b7a4, 
sstr=0x882079c "", slen=4294967295, flags=2)
    at sv.c:4246
        dlen = 0
        dstr = 0x8820dcc ""
#2  0x080e2c0e in Perl_pp_subst (my_perl=0x8807008) at pp_hot.c:2317
        sp = <value optimized out>
        targ = (SV *) 0x880b8c4
        pm = (PMOP *) 0x882ad00
        s = 0x882079c ""
        strend = 0x88207a0 ""
        m = 0x882079b ""
        c = 0x882ae04 ""
        d = <value optimized out>
        clen = 0
        iters = 0
        maxiters = 18
        i = <value optimized out>
        once = 0 '\0'
        rxtainted = 0 '\0'
        orig = 0x882079c ""
        r_flags = 25
        rx = (REGEXP *) 0x882ad3c
        len = 4
        force_on_match = 0
        oldsave = 11
        slen = <value optimized out>
        doutf8 = 0 '\0'
        nsv = (SV *) 0x0
        dstr = (SV *) 0x880b7a4
#3  0x080a490f in Perl_runops_debug (my_perl=0x8807008) at dump.c:1931
No locals.
#4  0x080d5019 in perl_run (my_perl=0x8807008) at perl.c:2391
        oldscope = 1
        ret = <value optimized out>
        cur_env = {je_prev = 0x880717c, je_buf = {{__jmpbuf = 
{-1208922124, -1077324960, 134626736, -1077325032, 377466777,
        -1639147786}, __mask_was_saved = 0, __saved_mask = {__val = 
{3085281509, 3217642192, 3086519547, 3086583848,
          3086166288, 1, 1, 0, 134580660, 4, 0, 136843556, 1, 3086067420, 
142635016, 3217642336, 142635556, 3217642264,
          3086542784, 142653316, 142635016, 3217642336, 142635016, 3217642264, 
135113695, 142635016, 136486100, 5, 10, 0, 0,
          134944768}}}}, je_ret = 0, je_mustcatch = 0 '\0'}
#5  0x08063f65 in main (argc=3, argv=0xbfc953e4, env=0xbfc953f4) at 
perlmain.c:113
        exitstatus = <value optimized out>

It is fully reproducible in amd64 and i686 machines.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

More information about the Perl-maintainers mailing list